Building Trust Encryption Human Rights Improving Technical Security Privacy

Encryption and law enforcement: aiming for trust

What would a world of pervasive encryption look like? How would it change the ways in which we use the Internet? How do we get to that world? And how would law enforcement work?

These were some of the questions that we asked to a set of international experts (including law enforcement, private sector, civil society, technical community, intergovernmental agency) to address a few weeks ago during an Internet Society hosted panel at the 2015 Internet Governance Forum (IGF) in Brazil.[1]

For those wanting more background on the panel, please read the post I wrote before the event: Imagine an encrypted world! A workshop at the IGF 2015.You may also want to read more about our positions and projects related to encryption.

For the others, here are some key takeaways from the discussion:

While all panelists agreed there is both a need to ensure the security of citizens and to protect the confidentiality of online communications, views diverged on whether exceptional access for governments to encrypted material would be effective, technically feasible and proportionate.

Investigation of crimes vs. broad data collection First, an important distinction was made between what law enforcement does in the investigation of specific crimes, and what intelligence services might do as a matter of bulk data collection and the interception of signals, whether they be encrypted or not, for the use of objectives that are different. The point was made that crime investigation would usually focus on data at rest (mobile device, computer, etc) and follow stricter judicial oversight.

Factors leading to a world of pervasive encryption Playing the game of imagining a world of pervasive encryption, many speakers agreed that the drivers that could lead to this scenario would likely include public scandals that could trigger policy change (e.g. broad legislation by some governments increasing surveillance, CEO or political figure being victim of an attack due to weak encryption, major data hack in public administrations, etc). Another factor could include further steps from companies to deploy end-to-end encryption as a competitive advantage to regain customer trust (e.g. Apple has enabled end-to-end encryption in its iMessage application). Most guestimates on the panel led to a scenario where encryption will be pervasive in the next 5-10 years, even though the types of encryption technologies used could be very diverse and at varying strength levels at different layers of the user experience.

Alternative means for law enforcement The discussion raised the fact that while full access to unencrypted data would likely make the job of law enforcement agencies (LEA) easier, there are alternative means they can use, or are using, to target criminals. This includes targeting other parties that are involved in related crimes, using metadata to track patterns and relationships, and the employment of malware/spyware in exceptional cases. However, all these means usually require extensive legal thresholds for their use. Some raised that the increasing number of connected objects will also offer law enforcement agencies with new means to investigate crimes (while also raising further privacy concerns). It was also raised that technological means may not always replace investment in employing human intelligence. A related point was made by a panelist that there should be a similar level of barriers to the ones that were there before the Internet when it comes to intrusion in people’s privacy to investigate crimes. In other words, we shouldn’t fundamentally alter the principles that were valid for law enforcement pre-Internet just because technology has made possible new ways to intercept communications.

Encryption backdoors Several voices raised questions on whether it would be possible for governments to have exceptional access to encrypted material, as there does not seem to be an effective and widely acceptable solution currently. Technical insights indicated that strong encryption with forward secrecy would likely be unbreakable. However, data sitting at rest usually needs some credentials that could be retrieved from a device. Example was given of banks that are required to build their data systems in ways that support law enforcement/judicial requests.

Contextualise the debate Adding a layer of geographical context to the discussion, it was highlighted that many countries actually use national security arguments as a way to censor information and track political dissent. It is therefore important to contextualize the debate on the understanding that exceptional access to encrypted material – assuming it was possible and desirable – might sometimes be used in ways that will explicitly restrict fundamental rights, including freedom of expression. Reference was made to the 2015 Freedom on the Net report to sustain that point.

Need to build trust frameworks Eventually, with the likelihood that encryption will be more widely spread and available in the next 5 to 10 years, a key conclusion from the workshop was that the public debate should also focus on building new trust frameworks between law enforcement and citizens. A suggestion was made that the vision of a world with encryption by default (that protects users’ confidentiality and trust) could be compatible with systems where citizens could have the opportunity to contribute to community efforts towards crime prevention.

Overall, this exchange demonstrated the value of addressing this issues with all concerned parties at the table and identified a few key areas where the discussion needs to continue. As both security threats and interest in the use of encryption are not likely to decrease any time soon, the need to have a meaningful dialogue with law enforcement and other stakeholders is more important than ever and should intensify in the upcoming months.

The Internet Society stands ready to contribute to this debate and to offer a table to convene this necessary dialogue.


[1] The panelists involved in this session were:

  • Mr. Frank Pace, Sergeant, Digital Forensics Investigative Unit, Strategic Information Bureau, Phoenix Police Department
  • Mr. Ted Hardie, Executive Director, Internet Architecture Board
  • Ms. Carly Nyst, civil society, former Privacy International, international privacy expert
  • Mr. Michael Nelson, Internet-related global public policy issues, CloudFlare
  • Ms. Sanja Kelly, Project Director, Freedom on the Net report
  • Ms. Xianhong Hu, intergovernmental, Division for Freedom of Expression and Media Development, Communication and Information Sector, UNESCO

Image credit: Christiaan Colen on Flickr. CC BY SA

Economy Events

Thoughts On The Internet Economy Sessions At IGF 2015

Reflecting on the 2015 IGF last week, the Internet Economy sub-theme featured prominently, for good reason.  First of all, the Internet economy is a large sector in itself, accounting directly for over 5% of GDP in the G20 countries alone.  More broadly, however, the Internet is what economists call a general purpose technology, which, as the name suggests, has economic impacts on almost every other sector.

As an example of the broader impact of the Internet, today one could argue that the largest taxi company in the world is Uber, which owns no taxis and employees no drivers. Uber is now valued at over $50 billion, in just over five years of operation, and has over 160,000 drivers in US alone, who can earn a full-time living or supplement other work flexibly.  At the same time, Uber has disrupted the traditional taxi industry, and led to protests, bans, and economic anxiety for traditional taxi drivers. As such, Uber encapsulates the opportunity of the Internet, an innovative use of the mobile Internet and smartphone technology (as detailed in our recent Global Internet Report 2015), and the broader economic impact of the Internet.

There were 15 workshops in the Internet economy sub-theme, covering the themes highlighted by the Uber example:

  • First, the economic opportunity of the Internet for innovators and workers is one reason that the digital divide is so critical;
  • Second, the innovative uses of the Internet that continue to astound; and
  • Third, the broader economic impact.

A number of workshops covered the economics of the digital divide, focusing on how to pay for the infrastructure, the efficiency of interconnecting through IXPs, and generating the local content needed to make the Internet as relevant and attractive in emerging markets as it is in established markets.  A second group of workshops covered the usage of the Internet, including content copyright and intermediate liability, the importance of trust in promoting usage, and broadening the use of mobile payments.  Finally, a third group of workshops covered broader economic issues, including the impact of the Internet on jobs, the taxation of multinational Internet companies, and digital trade issues.

It was my privilege to participate in some of these workshops, and attend as many others as I could. As an economist, I was glad to see the depth and breadth of this sub-theme, as we all increasingly work to increase the breadth of Internet access and depth of usage, while addressing the broader economic impacts that emerge.

Growing the Internet Internet Governance

Looking Beyond IGF 2015 to WSIS+10

IGF 2015 in João Pessoa, Brazil will be seen as a milestone for the global Internet community. After 10 years of intense work, the IGF has earned the right to celebrate its success and prepare itself for the future.

As we come out of the meeting, we are urging all who want to be heard at this important moment in the evolution of the Internet to join over 80 organizations and individuals who have already signed on to a message to the UN General Assembly that will 1) help safeguard the IGF for the future; 2) preserve the multistakeholder model of governance; and 3) help keep us focused on the work at hand.

The Internet Governance Forum has always been about the future. At its inception in Tunis on 18 November 2005, it was charged with organizing itself to think about the future; a future that was neither clear nor guaranteed. For 10 years, it has been a bazaar for ideas, a marketplace for trading experiences, and a forum for learning the implications of a global network of networks. Stakeholders from civil society, business, academia, governments and the Internet technical community have come a very long way in finding common ground and learning how to learn from and share with each other.

During the past week, over 2500 people on the ground in João Pessoa and 1500 people in remote hubs, participated in over 100 workshops, round tables and best practice sessions. The Best Practice Forums were well organized, well attended and produced strong papers in six different areas, all supporting the overarching track on Policy Options for Connecting the Next Billion“. These outputs were made possible by the commitment of over 500 hundred experts who worked all year long and who were eager to present their findings in João Pessoa. The meeting was filled with the pride of participants of this extraordinary output of work –and the collaborative model we have, together, developed and nourished all year long.

And, we heard in the past two days the news we were waiting for: at the UN General Assembly meeting of the WSIS+10 Review in New York on December 15 and 16, 2015, the mandate of the IGF is likely to be renewed for 10 years more.

We understand, however, that no decision has yet been made and that it will be formalized in the next weeks at “informal meetings” of governments at which the non-governmental stakeholders will not be invited. Given that we will not be present at this crucial meeting, representatives of many of the organizations who gathered in João Pessoa, Brazil, along with other organizations and individuals from around the world, have developed a statement to the UN General Assembly with three key messages which we believe are crucial to negotiations in the final phase of the WSIS+10:

  • The IGF, harnessing the benefits of the community’s diversity, has become a primary vehicle for identifying issues and solutions through a collaborative approach, on an equal footing and in a free and open environment. The proliferation of national and regional IGF initiatives is a sign of its relevance, and an example of an inclusive, bottom-up approach to global issues, rooted in local communities. We fully support the IGF mandate renewal. In addition, further efforts to implement recommendations for improvements to the IGF will be essential for the community’s ability to continue addressing complex problems, and the challenges of the future.
  • The multistakeholder approach, cooperatively developed since the inception of the Internet is critical in achieving the WSIS goals. The Internet is one of our most important tools for sustainable development, improved human rights and good governance. The community must safeguard the principles of collaboration, openness, transparency and inclusiveness that have allowed the Internet to flourish.
  • There is still much work to be done, especially in connecting the unconnected. Access to an open and inclusive Internet is the central issue of our time, and a fundamental tool enabling free speech and empowering people in the 21st century. The newly adopted Sustainable Development Goals recognize the Internet and connected information and communication technologies (ICTs) as a critical enabler for economic and social progress. The close alignment between the WSIS action lines and these goals reflects the essential role of ICT and the Internet in advancing the 2030 agenda. To achieve these goals, and to ensure a secure and trustworthy Internet, it is crucial that the future of the Internet be shaped through an open, inclusive and truly multistakeholder process.

At the Internet Society, we believe that in ten years hence we will look back at João Pessoa as the meeting at which the multistakeholder model of Internet Governance was solidified and settled as the best and only way to move forward to the future we want: an Internet of Opportunity for all.

We urge all who want to be heard at this important moment to join with us and many others in sending this message. The statement will be submitted before next week when governments gather for their informal meetings in New York.

Thank you, as always, for your dedication, passion and willingness to ensure that the Internet is for Everyone, Everywhere.

Building Trust Growing the Internet Human Rights Internet Governance

ISOC At IGF 2015, Day 4: Human Rights, IANA, WSIS+10, IXPs, Internet Governance and more

The final day of the 2015 Internet Governance Forum (IGF2015) promises to be another day packed full of great sessions, with our President/CEO Kathy Brown highlighting human rights and ISOC Board of Trustee member Narelle Clark participating in a session on the IANA stewardship transition. You can see our schedule of Internet Society-related sessions at:

If you are not in Brazil (as I have not been all week), remote participation is possible. You may also find our other blog posts about IGF2015 of interest.

Also, the IGF Daily Number 4, out today, contains a half-page interview on page 3 with our President / CEO Kathy Brown as well as background on what happened yesterday, particularly around the zero-rating discussion.

I’ll also note that on Day 3 there was a great deal of discussion about encryption – and I’d point you to our encryption page featuring our policy positions, blog posts and projects. Zero-rating and network neutrality also created a passionate discussion – you may find our policy brief on network neutrality to be useful!

So… on to Day 4’s schedule!  This final day is actually the one with the most sessions involving ISOC staff or trustees.

09:00 – 10:30 BRT

The day begins with five simultaneous sessions in the 09:00 – 10:30 BRT (UTC-3) block:

  • And finally, starting at 9:30am BRT, Nicolas Seidler will participate in the OECD Open Forum.

11:00 – 13:00 BRT

After a break, we then move into the 11:00 – 13:00 BRT block where we’ll again have five simultaneous sessions:

  •  Our President and CEO Kathy Brown will be in the Main Meeting Hall for the Human Rights on Internet session, which should probably generate some vigorous discussion.

14:00 – 16:00 BRT

After lunch we’ll be involved with only two sessions in the 14:00 – 16:00 block:

And after that we’ll all head to the Main Meeting Hall for the Closing Ceremony and the end of a very successful IGF 2015!

Throughout the day we’ll be providing updates on social media using the #IGF2015 hashtag, particularly on our @InternetSociety and @ISOCpolicy Twitter accounts. Please follow us there for more info – and if you are in Brazil at IGF 2015, please do stop by our ISOC booth and say hello to our staff and volunteers!

And with this post, our “ISOC at IGF” daily post series draws to a close. Thank you for reading and please do look back on our IGF 2015 blog posts and our main IGF 2015 page for more information about the event.

We look forward to working with all of you to connect the unconnected to a global, trusted Internet!

Image credit: photo of our chief economist, Michael Kende, speaking on the Day 3 panel about local infrastructure and local content.

Growing the Internet Improving Technical Security

ISOC At IGF 2015, Day 3: Cybersecurity, Zero-rating, Death and the Internet and much more…

Day 3 of the 2015 Internet Governance Forum (IGF2015) continues the rapid pace of Internet Society activity, beginning with a main session panel on cybersecurity with ISOC Board of Trustees Chair Bob Hinden. You can see our schedule at:

Please remember that remote participation is possible if you are not in Brazil – and please review our other blog posts about IGF2015 for background. Also, IGF Daily Number 3 is out today with discussion about what happened yesterday.

As I mentioned, Day 3 begins with a main session from 09:00 – 12:30 BRT (UTC-3) on Enhancing Cybersecurity and Building Digital Trust that will include among the speakers the chair of our Board of Trustees, Bob Hinden. We expect that among other topics Bob will speak about Collaborative Security, our approach to Internet security issues. Our positions about encryption could also be discussed.

During that same time period, we’ll have participants in two other sessions. From 9:00 – 10:30am, our Chief Economist, Michael Kende, will be speaking on a panel on WS 110: “Internet Plus” to Fuel Industry Evolution. From 11:00 – 12:00, ISOC Board of Trustee member Narelle Clark will be part of a panel I personally find intriguing: “Death and Internet – Managing Digital Legacies“.

At 14:00 BRT a four-hour two-hour conversation on A Dialogue on “Zero Rating” and network Neutrality will kick off in the Main Meeting Hall. We expect this to be a well-attended session with a great amount of discussion. Our Frédéric Donck is among the panelists. (Please see our Network Neutrality Policy Brief for more information on this topic.)

We’ll also have staff in many other sessions, including:

Throughout the day we’ll be providing updates on social media using the #IGF2015 hashtag, particularly on our @InternetSociety and @ISOCpolicy Twitter accounts. Please follow us there for more info – and if you are in Brazil at IGF 2015, please do stop by our ISOC booth and say hello to our staff and volunteers!

Image credit: photo of ISOC Board of Trustees member Narelle Clark speaking on the Day 2 Best Practices Forum on practices to countering abuse against women online.

Building Trust Growing the Internet Internet Governance

ISOC At IGF Day 2: ISOC Open Forum, IXPs, Encryption, IoT, IPv6 and more

Before diving into what’s on the agenda of “Day 2” of the 2015 Internet Governance Forum (IGF2015) let me first note that yesterday we issued a news release about our President and CEO Kathy Brown’s remarks at the IGF 2015 Opening Session:

We would encourage you all to take a look because those two themes of connecting the unconnected and ensuring trust are themes you are going to hear us talking about quite a bit over the next year! (And probably beyond!)

We also published a video of Kathy Brown’s inspiring remarks at the Day 0 High Level Leaders meeting and with our partners at the Diplo Foundation announced a call for curators of Internet governance topics on the GIP Digital Watch platform. (Apply now!)

It was a VERY busy day and Day 2 (11 Nov) is only going to be even busier! Here’s the schedule:

Please remember that remote participation is possible if you are not in Brazil – and please review our other blog posts about IGF2015 for background. Also check out IGF Daily No. 2 for more information.

Our Day 2 will begin from 09:00 – 10:30 BRT (UTC-3) with two Best Practices Forums that will feature two members of our Internet Society Board of Trustees: Bob Hinden and Narelle Clark.

Simultaneously there will be a workshop session about how mobile Internet and the Internet of Things (IoT) can expand opportunities for people with disabilities.

From 11:00 – 12:30 BRT a number of our staff, Board members and volunteers will be at the ISOC Open Forum in Workshop Room 3 where, as Constance recently wrote, we’ll provide an overview of the Internet Society’s mission, key activities and regional breadth and provide an opportunity to meet with key staff.

Another major block of the day will be from 14:00 – 17:30 in the Main Meeting Hall where the IGF Intersessional Work: Policy Options and Best Practices for Connecting the Next Billion will be underway. This session will discuss the policy options document that included the input of 15 national and regional IGFs, more than 80 background contributions from all stakeholder groups, as well as comments through the IGF online platform. The various Best Practices documents will also be reviewed.

Throughout the day we’ll also have staff in many other sessions, including:

Throughout the day we’ll be providing updates on social media using the #IGF2015 hashtag, particularly on our @InternetSociety and @ISOCpolicy Twitter accounts. Please follow us there for more info – and if you are in Brazil at IGF 2015, please do stop by our ISOC booth and say hello to our staff and volunteers!

Image credit: photo of the Vint Cert in the Opening Session on Day 1.

Building Trust Encryption Human Rights Improving Technical Security Privacy

Imagine an encrypted world! A workshop at the IGF 2015

What would a world of pervasive encryption look like?  How would it change the ways in which we use the Internet? How do we get to that world? And how would law enforcement work?

In the aftermath of Snowden disclosures on pervasive surveillance, there has been a growing interest in the role of encryption as a tool that can protect the confidentiality of users’ communications online.

For those among you who are not following closely this issue, let’s take a step back: encryption (from the latin word crypt, meaning hidden place) is a means to protect your data from prying eyes. It is basically a way to encode information between two points so that only authorized parties can see it.

In the current debate, many governments and law enforcement agencies are arguing that they need access to people’s data in order to prevent crimes or to advance investigations. From that point of view, they don’t necessarily see encryption from a very keen eye.

An Internet that cannot offer secure online communications will likely undermine trust in online trade, put activists in challenging countries at risk, and just undermine people’s privacy expectations. At the same time, law enforcement agencies need to do their job and using targeted data can be a means for this objective, within the boundaries of the rule of law and the respect of fundamental rights (which, as reflected in the latest Freedom on the Net report, is not always the case as national security arguments are sometimes used for political censorship).

So how can we reconcile both sides of this equation?

We will try to answer this question during the 2015 Internet Governance Forum this week, in Joao Pessoa, Brazil.

To do that, we are going to project ourselves in a hypothetical future where all Internet communications are encrypted; a world of ubiquitous encryption. After all, engineers are already working towards that end, more companies are enabling encryption, and most civil society organisations are aspiring for it.

So how would we get to this possible future? When could this happen and what would lead to this alternate reality?

What would this encrypted world look like? Would it happen at the level of the Internet architecture and without action needed from users?

And finally, how would law enforcement look like in this scenario? Would they be able to protect citizens, and if yes by what means?

We will have an amazing panel of speakers in Joao Pessoa to try to address these questions:

• Mr. Frank Pace, Sergeant, Digital Forensics Investigative Unit, Strategic Information Bureau, Phoenix Police Department

• Mr. David Kaye, UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression

• Mr. Ted Hardie, Executive Director, Internet Architecture Board

• Ms. Carly Nyst, civil society, former Privacy International, international privacy expert

• Mr. Michael Nelson, Internet-related global public policy issues, CloudFlare

• Ms. Sanja Kelly, Project Director, Freedom on the Net report

• Ms. Xianhong Hu, intergovernmental, Division for Freedom of Expression and Media Development, Communication and Information Sector, UNESCO

Join us, either on site or remotely, on 11 November at 12:00-13:00 BRT (15:00-16:00 UTC), in this forward-looking exercise to find solutions for our present issues.

NOTE: For more information on the Internet Society’s position on encryption and related activites, please see:

UPDATE – 2 December 2015 – Nicolas Seidler published a post about the results of this session: Encryption and law enforcement: aiming for trust.

Photo credit: Yuri Samoilov on Flickr


Building Trust Growing the Internet Internet Governance

Video Available of Kathy Brown’s Remarks at IGF 2015 High Level Leaders Meeting

Yesterday at the 2015 Internet Governance Forum (IGF2015) in Brazil, our President and CEO Kathy Brown gave an inspiring set of remarks in the High Level Leaders Meeting.  Courtesy of some excellent production work by Joly MacFie of our ISOC New York Chapter syncing the audio and video, we’re now able to provide you with a video recording of Kathy’s remarks:

In her remarks, Kathy echoed many of the themes she wrote about in her “On My Way to IGF 2015” blog post.

Please visit our IGF2015 page and our IGF2015-related blog posts for more information about all that is happening in Brazil this week!

UPDATE: Joly has also made the video available on Facebook for those who wish to share the video there.

Building Trust Growing the Internet Internet Governance

On My Way To IGF 2015

João Pessoa, Brazil. This is the week. After 10 years of growing the Internet Governance Forum (IGF), over 2,500 advocates from around the world will gather once again for a pivotal meeting to strongly affirm our central role in Internet governance and to, once again, insist that the Internet is for Everyone–Everywhere.

We will come to celebrate the 10 years of transformative change brought about by our collective efforts to build an Internet from the bottom up for the benefit of our human society. We come also to embrace the opportunities and challenges of the future. We acknowledge that we still have work to do, and, by our engagement and shared determination, we will demonstrate that the IGF is an essential part of the ongoing, global effort to ensure that the next 10 years will preserve and extend our deeply held values of openness, global connectivity and trust.

This meeting comes at a critical time in the evolution of the Internet. While the roots of the Internet are in the technical and academic world, the Internet today is deeply integrated into all aspects of our global economies. As noted in ISOC’s announcement of its 2016 Plan of Action, today we live in an era of connectedness where the creativity of more than three billion people has unleashed new uses and capabilities that now extend to the basic requirements of our local–and global–communities–health, education, job development, banking, transportation and more. As more people across the planet have become connected, the Internet’s value has increased exponentially. At the same time, the cost of being unconnected has increased dramatically. The divide between the connected 3 billion and the unconnected 4.3 billion is not just digital: it is economic, social, and political.

In addition, an increasing number of security and privacy issues have undermined trust in the Internet itself. Government surveillance, corporate and government data breaches, practices that erode privacy, mass hacking incidents, and systemic gaps in security practices have led to disillusionment among Internet users about their ability to control their online destiny. Even a universally deployed network, untrusted, will languish as people forgo its use in promising areas such as medicine and learning.

These two imperatives — connecting the unconnected and ensuring trust — are the work of our time.

The 10th anniversary of IGF is importantly focused on “Empowering Sustainable Development” and “Connecting The Next Billion”. These priorities must be utmost in our minds during our deliberations. We cannot abide by a world in which over half of our people remain unconnected from what is the “central nervous system” of the global economy. The UN has recognized the power of the Internet as an essential enabler of reaching new Sustainable Development Goals (SDGs) and has called upon nations of the world to bring Internet access to the poorest nations by 2020. At the 10th Anniversary of the IGF, we must embrace this challenge and show how this Forum can support best practices, policy proposals and community engagement to impact this great undertaking of the 21st Century.

At the same time, we know that we must simultaneously work to promote and restore trust in the Internet. The numerous workshops here in Brazil on privacy and human rights are central to our concerns. The work this week is designed to discuss how to bring about both increased security and increased privacy – on both a policy and technology level.

There is immense power in the community of people who ARE the IGF. It is my hope and expectation that the 2500 participants–Internet users, civil society, human rights advocates, technical community members, businesses, and governments, too, will all be working collaboratively to address these issues and more.

I believe we can move forward from João Pessoa showing, once again, the power of the multistakeholder community and create the policy environment that enables the Internet of Opportunity we want to make available to all. As we look forward to the WSIS+10 discussions in just one month’s time — and what now looks like a 10 year extension of the IGF — it is the time for the COMMUNITY to again map the future of the Internet.

We must find a clear path for connecting the next billions to an open, trusted Internet.

I look forward to meeting you all in Brazil and working with you and others around the world to make these goals a reality.

Image credit: IGF 2015 host website